Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,383 questions
Connect to API secured with Azure Active Directory from a low-trust Provider Hosted SharePoint Add-in
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 86%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Maz
1
Reputation point
**Scenario**
- React Native was used to create a mobile i.e. smartphone app.
- That mobile app successfully access a web api registered in the application registration portal in Azure Ad; no problem.
- But we had a requirement to have a web site too and this was fulfilled by converting the React Native code to a website.
- We then created a low trust on-prem provider hosted SP add-in and the remote web is that created from the React Native code and so is composed purely of HTML, CSS and JavaScript.
- We are not using Office 365 or SharePoint Online please note. We are on-prem..
- The website now needs to access the API outlined above. A SharePoint Provider Hosted low-trust addin uses use Azure ACS as token issuer.
- What steps do we need to go through to allow the website to similarly access the API please. Please outline in detail. We would prefer not to use the SharePoint framework or Graph if possible. We just want to get the web site able to communicate with the web api. Thanks very much. Maz
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,581 Reputation points Microsoft Employee2020-08-28T15:23:18.287+00:00 I hope you mean "Assertion consumer service" in a generic sense in Azure ACS which currently is Azure AD oAuth/SAML/WsFed Identity management service. There used to be a Access control service in Azure initially which is not available anymore for new instances and is currently not supported. If you still have old Azure ACS namespaces , I would advice against using it in production due to that not being covered by any SLAs because its a deprecated product as mentioned in the link above.
Sign in to comment